Implementing version info parse #921

[AntonDevil]

Resource directory and version info structure parse implemented.
Parsing tested. Need to think about storing information and how
to work with UTF-16 (mb storing in sdb in UTF-8?) Assumed that
PE file resource directory 3 levels deep (type group - entries - langs).
proposals and advices are welcome =)

[AntonDevil]

btw, parsing resource directory is the first step to many of PE Info #921 parsing

[XVilka]

You can store UTF-16 as a base64 in sdb.

[radare]

Yep. Use native sdb functions to do that. Anyway you can also convert utf16 to utf8. That will be more readable but you lose the original encoding, not sure if you really need that, but i prefer to work in utf8 all the time.

On 12 Apr 2015, at 10:40, Anton Kochkov [email protected] wrote:

You can store UTF-16 as a base64 in sdb.

—
Reply to this email directly or view it on GitHub.

[Maijin]

Being able to retrieve the original content is very resources.
As you know it's quite common to find sub-dll or sub-executable as a Resources in Malware.

[radare]

The original content is inside the file. When you get a string you want it readable and accessible by the user.

On 12 Apr 2015, at 11:01, Maijin [email protected] wrote:

Being able to retrieve the original content is very resources.
As you know it's quite common to find sub-dll or sub-executable as a Resources in Malware.

—
Reply to this email directly or view it on GitHub.

[Maijin]

Yes of course if it's only string issue it's ok 👍

[jvoisin]

No need to check if bla is null before calling free (bla) :)

[jvoisin]

Except the if (bla != NULL) free (bla); and not checking memory-allocation, the code looks pretty clean to me, that's great :)

[jvoisin]

It would be cool to have some tests to avoid regressions btw ;)

[XVilka]

This one is heavily related #926

[Maijin]

@jvoisin for the moment it doesn't display anything so, it's quite hard to test. But I suppose this resource parser is launch against all PE files in format.pe tests and passes current tests.

[radare]

if you store that information in sdb, the user can access it using the k command using an sdb query. We can think in a generic way to interact with this information in a generic way to support other file formats later.

[AntonDevil]

Guys, you could check version info parsing. It is in bin/cur/info/vs_version_info directory in sdb. Comments, claims, complaints highly required. Thinking of adding regression test.
Hope i didn't break any tests.

[Maijin]

@AntonDevil See the green check, means that you didn't break tests ;-)

[radare]

ready to merge?

[AntonDevil]

@radare Yes

[radare]

Those changes can't be applied to master. Can you redo the pullreq with a single-squashed commit rebased from the master branch?

thanks

[AntonDevil]

@radare done

[radare]

Thanks! merged

[radare]

Well... that broke the windows build because of dupped defines.
see http://ci.rada.re/job/radare2-w32/4108/console

[radare]

Fixed in 1aac146fdfdc9ff16812f9ba21ea9586f00ef3a6